Page 13 of 97 results (0.011 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2017-12719 – Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2017-12719

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable. Se ha descubierto un problema de desreferencia de puntero no fiable en Advantech WebAccess en versiones anteriores a la V8.2_20170817. Un atacante remoto puede ejecutar código para desreferenciar un puntero en el programa, provocando que la aplicación deje de estar disponible. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. • http://www.securityfocus.com/bid/101685 https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02 • CWE-476: NULL Pointer Dereference CWE-822: Untrusted Pointer Dereference •

CVSS: 6.8EPSS: 16%CPEs: 1EXPL: 1

CVE-2017-14016 – Advantech WebAccess webvrpcs ViewDll1 Stack-based Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2017-14016

A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. Se ha descubierto un problema de desbordamiento de búfer basado en pila en Advantech WebAccess en versiones anteriores a la V8.2_20170817. La aplicación no posee una validación adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos a un búfer basado en pila. Esto podría permitir que un atacante ejecute código arbitrario bajo el contexto del proceso. • https://www.exploit-db.com/exploits/43340 http://www.securityfocus.com/bid/101685 https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-12702

https://notcve.org/view.php?id=CVE-2017-12702

An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code. Se descubrió una vulnerabilidad de cadenas de formato controladas externamente en Advantech WebAccess en versiones anteriores a la V8.2_20170817. Los especificadores de formato de cadenas basados en valores de entrada proporcionados por el usuario no están validados correctamente, lo que podría permitir que un atacante ejecute código arbitrario. • http://www.securityfocus.com/bid/100526 https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-12711

https://notcve.org/view.php?id=CVE-2017-12711

An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges. Se descubrió una vulnerabilidad de asignación incorrecta de privilegios en Advantech WebAccess en versiones anteriores a la V8.2_20170817. Se le ha concedido un privilegio sensible a una cuenta de usuario incorporada que podría permitir a un usuario elevar sus privilegios a privilegios administrativos. • http://www.securityfocus.com/bid/100526 https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02 • CWE-266: Incorrect Privilege Assignment •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-12706

https://notcve.org/view.php?id=CVE-2017-12706

A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. Se descubrió una vulnerabilidad de desbordamiento de búfer basado en pilas en Advantech WebAccess en versiones anteriores a la V8.2_20170817. Los investigadores han identificado múltiples vulnerabilidades en donde no se valida correctamente la longitud de los datos introducidos por el usuario antes de copiarlos a la pila, lo que podría permitir a un atacante ejecutar código arbitrario bajo el contexto del proceso. • http://www.securityfocus.com/bid/100526 https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •